Session 319

Slides from session 319 at Collaborate 13


  1. Session 319: Security Compliance using Oracle Enterprise Manager 12c. Bobby Curtis, MBA, Solution Architect, BIAS Corporation. April 2013
  2. About BIAS
     • Founded in 2000
     • Oracle Platinum Partner with 20+ specializations
     • Distinguished Oracle Leader
       – Technology Momentum
       – Portal Blazer Award
       – Titan Award – Red Stack + HW Momentum
       – Excellence in Innovation
     • Management Team is Ex-Oracle
     • Location(s): Atlanta, Washington D.C., Offshore – Hyderabad and Chennai, India
     • Inc. 500 fastest growing private company in the U.S. for the 3rd time
     • Voted Best Place to Work in Atlanta for 2nd year
  3. About Presenter: Bobby Curtis, MBA
     • Douglasville, Georgia (west side of Atlanta)
     • Solution Architect, BIAS Corp.
     • Implementation Specialist for Core Technologies
     • IOUG, ODTUG, & GOUSER
     • Using Oracle products since 2001
     • Previous Life: Military/Systems Administrator
     • Blog: http://www.dbasolved.com
     • Twitter: @curtisbl294
     • Email: bobby.curtis@biascorp.com, curtisbl@gmail.com
  4. Session Agenda
     • Compliance
     • Customer Story - CCH
     • Puzzle Pieces
     • Configuration
     • Additional Information
     • Customer Improvements
     • Wrap-Up
  5. Compliance
  6. Compliance Management: What is compliance management? The ability to evaluate the compliance of targets and systems as they are related to best practices for configuration, security, and storage.
  7. Compliance Overview: Compliance solution consists of:
  8. Compliance Overview: What do these numbers have to do with security compliance?
     • 6 Frameworks : 0
     • 50 Standards : 23
     • 1827 Rules : 115
  9. Customer Story
  10. Customer Story: Who is…
     • Leading provider of Tax, Accounting and Audit Information Software for professionals
     • Subsidiary of Wolters Kluwer Tax & Accounting
     • Based in Riverwoods, Ill., office in Kennesaw, GA.
     • Largest customer is Internal Revenue Service (IRS)
     • Booth 1318
  11. Customer Story
     • Reliable monitoring for 3 RAC environments
     • High security requirements
     • Needed to enforce compliance
     • Annual audits are time consuming
  12. Compliance Puzzle Pieces
  13. Puzzle Pieces, oh my…: There are three pieces to the compliance puzzle. They are the building blocks for compliance and form a hierarchical structure.
     1. Frameworks
     2. Standards
     3. Rules
        ✓ Real-Time Facets*
        ✓ Templates*
  14. Puzzle Pieces : Framework. A compliance framework is a hierarchical structure where any node can be mapped to one or more compliance standards and compliance standard rules. 2 Types of Frameworks:
     • Oracle Provided
       – Payment Card Industry (PCI)
       – Generic
     • User-Defined
       – Defined to satisfy the needs of your organization
  15. Puzzle Pieces : Standards. A compliance standard is a collection of checks or rules. Standards hierarchical structure:
     • Compliance Rules
     • Rule Folders
       – Hierarchical structure that contains compliance rules
     • Compliance Standards
       – Can include other compliance standards
  16. Puzzle Pieces : Standards. What do standards do:
     • Represent industry-wide standards, per target
     • Used as reference configuration/certified configuration
     • Describe best practices for enterprise
     Security Compliance Standards by Target Type:
     • Automatic Storage Management (ASM): 2
     • Cluster: 1
     • Cluster Database: 7
     • Database Instance: 9
     • Host: 2
     • Listener: 2
     • Total: 23
  17. Puzzle Pieces : Rules. A compliance rule is a test that determines if a configuration data change affects compliance. Based on the result, the compliance score is calculated. 3 Types of Rules:
     • Repository Rules
       – Check against metrics in management repository
     • WebLogic Server Signature Rules
       – Describe potential problems based on info about WebLogic Server and environment
     • Real-Time Monitoring
       – Monitors actions performed by users on targets
  18. Puzzle Pieces : Templates. To enable security compliance, templates have to be enabled.
  19. Evaluation… Understand
     • Number of targets evaluated as Critical, Warning, or Compliant
     • Average Score for Evaluation
     • Number of Critical, Warning, or Minor Warning violations across all targets
     Compliance Score Ratings:
     • Critical: < 60
     • Warning: < 80
     • Compliant: > 80
  20. Evaluation… Review. Compliance Summary & Details:
     • Enterprise Summary
     • Compliance Dashboard
  21. Configure the Puzzle Pieces
  22. Configure: Library [screenshot with callouts 3, 2, 1, N/A]
  23. Configure: Rules
  24. Configure: Rules
  25. Configure: Standards
  26. Configure: Standards. Compliance Standards are:
     • Hierarchical in nature
     • Must have at least 1 rule
     Adding Rules/Standards is simple! Right click -> Edit -> Add
  27. Configure: Framework
     • Top most level of compliance
     • Only standards can be added
     • Standards in subgroups
  28. Results
     • Oracle Security Template
     • Immediately available (some delay)
  29. Results
  30. Results. Dashboard consists of:
     • Compliance Framework Summary
     • Compliance Summary
     • Least Compliant Generic Systems
     • Most Recently Discovered Unmanaged Hosts
     • Least Compliant Targets
  31. Additional Information
  32. EMCLI Options. Compliance from the command line:
     • export_compliance_group
     • export_compliance_standard_rule
     • export_standard
     • import_compliance_object
  33. SQL Options. Views for Compliance (SYSMAN):
     • MGMT$COMPLIANCE_STANDARD_GROUP
     • MGMT$COMPLIANCE_STANDARD
     • MGMT$COMPLIANCE_STANDARD_RULE
     • MGMT$COMPLIANCE_SUMMARY
     • MGMT$COMPLIANT_TARGETS
     • MGMT$COMPLIANCE_TREND
     • MGMT$COMPOSITE_CS_EVAL_SUMMARY
     Reference: Oracle Enterprise Manager Cloud Control Extensibility Programmer's Guide, Chapter 18
  34. Privileges & Roles. To use compliance standards:
     • CREATE_COMPLIANCE_ENTITY
     • FULL_ANY_COMPLIANCE_ENTITY
     • VIEW_ANY_COMPLIANCE_FWK
     • MANAGE_TARGET_COMPLIANCE
     • VIEW
     • EM_COMPLIANCE_DESIGNER (ROLE)
     • EM_COMPLIANCE_OFFICER (ROLE)
  35. Customer Story.. Improvement?
  36. Customer Story
     • Able to monitor in all environments
     • Has an easier and measurable way of enforcing compliance across environments
     • Expected to reduce annual audit times by 40%-50%
  37. Wrap Up
     • Brief customer story
     • Talked about compliance and its importance
     • Implemented security aspects of the compliance model and how to review results
     • Discussed additional options for compliance
     • Results of customer implementing compliance
  38. Discussion & Questions
  39. Thank You for Attending. Blog: http://www.dbasolved.com Twitter: @curtisbl294 Email: bobby.curtis@biascorp.com, curtisbl@gmail.com http://www.biascorp.com
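
The roll-up described on slide 19 (targets per rating, average score and violation counts for each standard), as an added example that is not part of the original slides. The row layout and standard names are constructed for illustration and are not an Enterprise Manager export format; rating a score of exactly 80 as Compliant is an assumption, since the slide leaves that boundary undefined.

```python
from collections import defaultdict

SEVERITIES = ("Critical", "Warning", "Minor Warning")


def rate(score):
    """Map a compliance score to the slide-19 rating.

    Slide 19 gives Critical < 60, Warning < 80, Compliant > 80.
    Assumption of this example: exactly 80 counts as Compliant.
    """
    if score < 60:
        return "Critical"
    if score < 80:
        return "Warning"
    return "Compliant"


def summarize(rows):
    """Roll per-target evaluations up into one summary per standard."""
    acc = defaultdict(lambda: {
        "targets": {"Critical": 0, "Warning": 0, "Compliant": 0},
        "violations": dict.fromkeys(SEVERITIES, 0),
        "scores": [],
    })
    for standard, _target, score, *violation_counts in rows:
        entry = acc[standard]
        entry["targets"][rate(score)] += 1
        for severity, count in zip(SEVERITIES, violation_counts):
            entry["violations"][severity] += count
        entry["scores"].append(score)
    return {
        standard: {
            "targets": entry["targets"],
            "violations": entry["violations"],
            "average_score": round(sum(entry["scores"]) / len(entry["scores"]), 1),
        }
        for standard, entry in acc.items()
    }


# Constructed sample rows (hypothetical layout):
# (standard, target, score, critical, warning, minor-warning violations)
SAMPLE = [
    ("Example DB standard", "db01", 92.0, 0, 1, 2),
    ("Example DB standard", "db02", 58.5, 3, 2, 0),
    ("Example DB standard", "db03", 80.0, 0, 2, 1),   # boundary score
    ("Example host standard", "host01", 71.0, 1, 0, 4),
]

if __name__ == "__main__":
    for name, summary in summarize(SAMPLE).items():
        print(name, summary)
```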
